AI and Your Terms of Service

Written By Ony Okoro

You've added AI to your product. Maybe it's a chatbot, a recommendation engine, content generation, or automated decision-making. The feature works, and your customers love it. But your Terms of Service still read like they were written in 2019.

This gap creates real risk. AI features can hallucinate, produce inconsistent results, and generate content with unclear ownership. Your Terms of Service need to address these realities.

Why Your Current Terms Probably Aren't Enough

Standard SaaS terms typically cover uptime, data security, acceptable use, and limitation of liability. They assume your software does what it's programmed to do, consistently. AI features introduce new categories of risk:

  • Unpredictable outputs. The same input can produce different outputs. Outputs can be wrong, misleading, or inappropriate, even when the system is working as designed.

  • Unclear ownership. When AI generates content, code, or analysis, who owns it?

  • Training and learning. If your AI improves based on usage, customers may have concerns about their data being used or expect rights in those improvements.

  • Third-party dependencies. Many AI features rely on external providers (OpenAI, Anthropic, Google). Those providers have their own terms that may affect what you can promise.

  • Evolving capabilities. AI models change. Features that work today may behave differently after an update. Customers need to understand this.

Your Terms of Service should address each of these risks.

The 8 Things Your AI Terms Should Cover

1. Disclosure That AI Is Being Used. Start with transparency. Customers should know when they're interacting with AI.

What to include:

  • A clear statement that certain features use artificial intelligence or machine learning

  • Identification of which features are AI-powered (or a general description if AI is embedded throughout)

  • A statement that AI outputs are generated algorithmically, not by humans

Why it matters:

Regulatory frameworks are increasingly requiring AI disclosure. The EU AI Act mandates transparency for certain AI systems. Several US states are considering similar requirements. Beyond compliance, transparency builds trust and sets appropriate expectations.

2. Accuracy Disclaimers and Limitations. AI outputs can be wrong. Your terms need to make this clear and allocate the risk appropriately.

What to include:

  • A statement that AI outputs may contain errors, inaccuracies, or omissions

  • A disclaimer that AI outputs should not be relied upon as the sole basis for decisions

  • Specific disclaimers for high-stakes use cases (legal, medical, financial advice)

  • A statement that the company does not guarantee the accuracy, completeness, or reliability of AI outputs

Why it matters:

When AI generates incorrect information, and a customer relies on it, you need contractual protection. Accuracy disclaimers won't eliminate liability in all circumstances, but they establish that the customer understood the limitations.

3. Prohibited Uses. Specify what customers cannot do with your AI features.

What to include:

  • Prohibited use cases (generating illegal content, spam, malware, deepfakes, etc.)

  • Restrictions on using AI to make automated decisions in sensitive areas without human review

  • Prohibitions on circumventing safety measures or filters

  • Restrictions on using outputs to train competing AI systems (if applicable)

Why it matters:

You can be held responsible for how your AI is used. Clear prohibited use terms give you the right to terminate bad actors and demonstrate that you've taken reasonable steps to prevent misuse.

4. Data Usage and AI Training. This is the issue customers care about most. Be explicit about whether and how their data is used to train or improve your AI.

What to include:

  • Whether customer data is used to train or improve AI models

  • Whether that training benefits only the customer, or all customers (or third parties)

  • Whether customers can opt out of data being used for training

  • How data is aggregated or anonymized before training use

  • Whether third-party AI providers receive customer data (and what they do with it)

Why it matters:

Enterprise customers increasingly demand contractual commitments that their data will not be used for AI training. If your default is to use customer data for training, say so and, at a minimum, consider offering an opt-out, especially for enterprise tiers.

5. Ownership of AI Outputs. Who owns what the AI creates? Address this directly.

What to include:

  • A statement on who owns AI-generated outputs (customer, company, or shared)

  • Any limitations on ownership

  • Restrictions on how outputs can be used

  • IP indemnification scope related to AI outputs (or exclusions)

Why it matters:

Ownership of AI outputs may be less valuable than customers expect. Your terms should set clear expectations while acknowledging this uncertainty.

6. Third-Party AI Providers. If you use external AI providers, your terms need to account for their terms.

What to include:

  • Disclosure that the Service uses third-party AI providers

  • A statement that third-party provider terms may apply

  • Pass-through of relevant restrictions from provider terms

  • Disclaimer of responsibility for third-party provider actions

Why it matters:

OpenAI, Anthropic, Google, and other AI providers have their own terms of service that may restrict how their outputs can be used, impose content policies, or limit liability. Your terms should not promise something their terms prohibit.

7. Changes to AI Features. AI features evolve. Models get updated. Capabilities change. Address this in your terms.

What to include:

  • Your right to modify, update, or discontinue AI features

  • Notice requirements for material changes (if any)

  • Disclaimer that AI behavior may change over time

  • Customer's options if they disagree with changes

Why it matters:

When you update an AI model, outputs may change. A customer relying on consistent behavior may be surprised or frustrated. Setting expectations upfront reduces friction.

8. Limitation of Liability Specific to AI. Your general limitation of liability may not adequately address AI risks. Consider AI-specific provisions.

What to include:

  • Explicit inclusion of AI outputs in limitation of liability

  • Disclaimer of liability for reliance on AI outputs

  • Exclusion of AI-related claims from any uncapped liability carve-outs

  • Specific disclaimer for AI hallucinations or errors

Why it matters:

If your limitation of liability has carve-outs for IP indemnification or data breaches, make sure AI-related claims don't inadvertently fall into uncapped categories.

Common Mistakes to Avoid

  • Saying nothing. The worst approach is silence. If you have AI features and your Terms of Service do not mention them, you are relying on general disclaimers that may not hold up.

  • Overpromising in marketing, underdelivering in terms. If your website says your AI is "highly accurate" or "reliable," a disclaimer saying "outputs may be inaccurate" creates a contradiction that could hurt you.

  • Ignoring third-party terms. If OpenAI's terms prohibit certain uses and you don't pass that through, you are potentially in breach if your customer violates those restrictions.

  • One-size-fits-all across tiers. Enterprise customers may need different AI terms than self-serve customers; particularly around data training and output ownership. Consider tier-specific provisions.

  • Forgetting to update. AI capabilities and regulations are evolving rapidly. Terms written today may be outdated in six months. Build in a review process.

A Note on Regulatory Compliance

AI-specific regulations are emerging and will affect your terms:

  • EU AI Act — Requires transparency disclosures for certain AI systems, risk assessments for high-risk AI, and prohibits certain AI practices. If you have EU customers, review how this affects your disclosure and compliance obligations.

  • US State Laws — Colorado's AI Act (effective 2026) requires disclosures and impact assessments for high-risk AI in certain decisions. Other states are following.

  • Sector-Specific Rules — Healthcare, financial services, and employment contexts have specific requirements for automated decision-making. If your AI touches these areas, industry-specific compliance overlays apply.

  • FTC Guidance — The FTC has signaled that it views deceptive AI claims as unfair or deceptive practices. Your marketing and your terms should align.

Conclusion

Adding AI to your product is the easy part. Updating your legal terms to match is where most companies fall behind. Your Terms of Service need to address the unique characteristics of AI: unpredictable outputs, unclear ownership, data training practices, third-party dependencies, and evolving capabilities. Silence isn't a strategy. Start with the eight elements above. Be clear about what your AI does and doesn't do. Align your marketing with your disclaimers. And revisit your terms regularly as your AI capabilities and the regulatory landscape evolve.

Need help updating your Terms of Service for AI features? Reach out for a consultation.

Ony Okoro
Next

Breach Notification Timing: What SaaS Companies Need to Know